CN116010910A - Software authorization method, data processing method, device, equipment and medium

Publication number: CN116010910A
Authority: CN (China)
Legal status: Pending
Application number: CN202211731221.7A
Other languages: Chinese (zh)
Inventors: 李爱明, 刘冰, 鹿弋炜, 鞠常宇, 曹斌
Current Assignee: Neusoft Reach Automotive Technology Shenyang Co Ltd
Original Assignee: Neusoft Reach Automotive Technology Shenyang Co Ltd
Landscapes: Storage Device Security

Abstract

The application discloses a software authorization method, a data processing method, a device, equipment and a medium. The method comprises the following steps: receiving login request information sent by user equipment, wherein the login request information comprises a first user password corresponding to a first user name; determining target authorization information corresponding to the login request information according to the login request information and a preset corresponding relation, wherein the target authorization information comprises a function to be authorized for target software; and feeding the target authorization information back to the user equipment, so that the user equipment provides the user with the use authority of the function to be authorized based on the target authorization information.

Description

Software authorization method, data processing method, device, equipment and medium
Technical Field
The application belongs to the technical field of information security, and particularly relates to a software authorization method, a data processing method, a device, equipment and a medium.
Background
In the related art, a software developer protects a software product against illegal copying in order to protect the developer's rights and interests. Accordingly, a user needs to obtain an authorization license for the software product in order to use it. Current software systems typically force the authorization license to be bound to the user's host hardware information when authorizing the software.
Because of this forced binding of the authorization license to host hardware information, this authorization mode cannot prevent a user from using the software on another machine by cloning the virtual machine file, so the authorization method has low reliability.
Disclosure of Invention
The embodiments of the present application provide an implementation different from the related art, in order to solve the technical problem that an authorization method which authorizes software functions through forced binding of the authorization license to host hardware information is unreliable.
In a first aspect, the present application provides a method for software authorization, including:
receiving login request information sent by user equipment, wherein the login request information comprises a first user password corresponding to a first user name;
determining target authorization information corresponding to the login request information according to the login request information and a preset corresponding relation, wherein the target authorization information comprises a function to be authorized for target software;
and feeding the target authorization information back to the user equipment, so that the user equipment provides the user with the use authority of the function to be authorized based on the target authorization information.
In a second aspect, the present application provides a data processing method, including:
when a login operation of a user for target software is detected, acquiring a first user password which is input by the user and corresponds to a first user name;
determining login request information according to the first user name and the first user password, wherein the login request information comprises the first user name and the first user password corresponding to the first user name;
sending the login request information to an authorization management server, so that the authorization management server determines target authorization information corresponding to the login request information according to the login request information and a preset corresponding relation, wherein the target authorization information comprises a function to be authorized for target software;
receiving the target authorization information fed back by the authorization management server;
and providing the user with the use authority of the function to be authorized based on the target authorization information.
In a third aspect, the present application provides a software authorization apparatus, comprising:
a receiving unit, configured to receive login request information sent by user equipment, wherein the login request information comprises a first user password corresponding to a first user name;
a determining unit, configured to determine target authorization information corresponding to the login request information according to the login request information and a preset corresponding relation, wherein the target authorization information comprises a function to be authorized for target software;
and a feedback unit, configured to feed the target authorization information back to the user equipment, so that the user equipment provides the user with the use authority of the function to be authorized based on the target authorization information.
In a fourth aspect, the present application provides an electronic device, comprising:
a processor; and
a memory for storing executable instructions of the processor;
wherein the processor is configured to perform the first aspect or any of the possible implementations of the first aspect via execution of the executable instructions.
In a fifth aspect, embodiments of the present application provide a computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements the method of the first aspect or any of the possible implementations of the first aspect.
In a sixth aspect, embodiments of the present application provide a computer program product comprising a computer program which, when executed by a processor, implements the method of the first aspect or any of the possible embodiments of the first aspect.
In the present application, login request information sent by the user equipment is received, wherein the login request information comprises a first user password corresponding to a first user name; target authorization information corresponding to the login request information is determined according to the login request information and a preset corresponding relation, wherein the target authorization information comprises a function to be authorized for target software; and the target authorization information is fed back to the user equipment, so that the user equipment provides the user with the use authority of the function to be authorized based on the target authorization information. This improves the reliability and flexibility of software authorization authentication, lets the user use software products more efficiently, and reduces the waste of resources.
Drawings
In order to illustrate the embodiments of the present application or the technical solutions in the related art more clearly, the drawings used in the description of the embodiments or the related art are briefly introduced below. The drawings described below show some embodiments of the present application, and a person skilled in the art may obtain other drawings from them without inventive effort. In the drawings:
FIG. 1 is a schematic diagram of a basic framework of a software authorization system according to an embodiment of the present application;
FIG. 2 is a flowchart of a software authorization method according to an embodiment of the present application;
FIG. 3 is a flow chart of a data processing method according to an embodiment of the present disclosure;
FIG. 4 is a schematic flow chart of a user equipment application login according to an embodiment of the present application;
FIG. 5 is a flowchart of a heartbeat mechanism of target software on a user equipment according to an embodiment of the present application;
FIG. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
Embodiments of the present application, examples of which are illustrated in the accompanying drawings, are described in detail below. The embodiments described below by referring to the drawings are exemplary and intended for the purpose of explaining the present application and are not to be construed as limiting the present application.
The terms first and second and the like in the description, the claims and the drawings of the embodiments of the present application are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that embodiments of the present application described herein may be capable of implementation in sequences other than those illustrated or described herein, for example. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
First, some terms in the embodiments of the present application are explained below to facilitate understanding by those skilled in the art.
Heartbeat mechanism: a mechanism in which one party periodically sends a self-defined structure (a heartbeat packet) so that the other party knows it is still alive, in order to ensure the validity of the connection.
AES: Advanced Encryption Standard. The AES algorithm is the most common symmetric encryption algorithm, that is, an algorithm that encrypts and decrypts with the same key.
Replay attack (also called playback attack): a form of network attack in which valid data is maliciously or fraudulently repeated or delayed. It may be performed by the originator or by an adversary who intercepts and retransmits the data, and may be part of a spoofing attack by IP packet substitution.
The inventors found through research that, in the related art, a software developer protects a software product against illegal copying in order to protect the developer's rights and interests. Accordingly, a user needs to obtain an authorization license for the software product in order to use it. Current software systems typically force the authorization license to be bound to the user's host hardware information when authorizing the software.
Because of this forced binding of the authorization license to host hardware information, this authorization mode cannot identify that a user is using the software on another machine by cloning the virtual machine file, so the authorization method has low reliability.
In addition, if a user who has purchased a software product changes machines or reinstalls the system of a virtual machine, the original authorization license becomes invalid and cannot be used on other machines, so the approach is very limited and inflexible.
In addition, large commercial software generally needs to be authorized for use on a plurality of nodes (i.e. devices) running the target software. With this authorization mode, an abnormality of a node cannot be identified, so the authorization is occupied needlessly and other nodes cannot use the software product, which wastes resources.
The present application provides a solution to the foregoing technical problems. The technical solution of the present application, and how it solves the foregoing technical problems, are described in detail below with specific embodiments. The following embodiments may be combined with each other, and the same or similar concepts or processes may not be described again in some embodiments. Embodiments of the present application will be described below with reference to the accompanying drawings.
Fig. 1 is a schematic diagram of a basic framework of a software authorization system according to an exemplary embodiment of the present application, where the structure includes: an authorization management server 10 and a user device 20, wherein the user device 20 is configured to:
when a login operation of a user for target software is detected, acquire a first user password which is input by the user and corresponds to a first user name;
determine login request information according to the first user name and the first user password, wherein the login request information comprises the first user name and the first user password corresponding to the first user name;
send the login request information to the authorization management server 10, where the authorization management server 10 is configured to:
determine target authorization information corresponding to the login request information according to the login request information and a preset corresponding relation, wherein the target authorization information comprises a function to be authorized for target software;
feed the target authorization information back to the user equipment 20.
The user equipment 20 is further configured to provide the user with the use authority of the function to be authorized based on the target authorization information.
Optionally, the system deployed on the user equipment 20 may be a Linux system or a Windows system.
Both the authorization management server 10 and the user equipment 20 may be terminals or servers. The terminal may be a smart phone, tablet computer, notebook computer, intelligent voice interaction device, smart home appliance or other device. The server may be an independent physical server, a server cluster or distributed system formed by a plurality of physical servers, or a cloud server providing basic cloud computing services such as cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communication, middleware services, domain name services, security services, content delivery networks (Content Delivery Network, CDN), and big data and artificial intelligence platforms.
For the execution principle and interaction process of each component unit in this system embodiment, refer to the description of the method embodiments below. It should be noted that the order in which the embodiments are described below does not limit their order of priority.
Fig. 2 is a flowchart of a software authorization method according to an exemplary embodiment of the present application, where the method is applicable to the authorization management server 10, and the method at least includes the following steps S21-S23:
S21: receiving login request information sent by user equipment, wherein the login request information comprises a first user password corresponding to a first user name;
The user may install the target software on the user equipment, start the target software on the user equipment and perform a login operation. Specifically, the user may enter the first user name and the first user password corresponding to the first user name, and then click a login button to perform the login operation. The user may enter the first user password corresponding to the first user name through a login interface popped up on the user equipment.
The login request information may include information obtained by encrypting the first user name and the first user password corresponding to the first user name by the user equipment through a preset encryption algorithm. Optionally, the preset encryption algorithm is an AES algorithm.
Optionally, the relevant personnel of the software developer may obtain authorization applicant information from the authorization applicant, wherein the authorization applicant information includes, but is not limited to: organization information of the organization to which the authorization applicant belongs, authorization information, and the number of authorizable devices that need to obtain authorization. Optionally, the authorization information includes: at least one function to be authorized of the target software requested by the authorization applicant, and the usable period corresponding to each function to be authorized, namely the authorization period. The organization information refers to an organization identifier, which is used to uniquely identify the organization.
Optionally, after the software developer obtains the authorization applicant information, an administrator of the authorization management server may create one or more user accounts for the authorization applicant, where the number of user accounts is the same as the number of authorizable devices mentioned above, and feed the one or more user accounts back to the authorization applicant, so that the authorization applicant logs in to the target software with the one or more user accounts and uses the at least one function to be authorized.
The one or more user accounts created for the authorization applicant have a corresponding relationship with the authorization applicant information sent by the authorization applicant, and this corresponding relationship may be stored in a database as the preset corresponding relationship.
Optionally, the target software may be Word, PPT, etc., which is not limited in this application.
Optionally, the user account includes a second user password corresponding to the second user name.
Optionally, the aforementioned authorization applicant information and the aforementioned one or more user accounts may be stored in a database.
Optionally, the database may be located in the authorization management server.
Optionally, the authorization management server may hold a plurality of pieces of authorization applicant information, and different authorization applicant information may belong to different authorization applicants.
S22: determining target authorization information corresponding to the login request information according to the login request information and a preset corresponding relation, wherein the target authorization information comprises a function to be authorized for target software;
Optionally, in S22, determining the target authorization information corresponding to the login request information according to the login request information and the preset corresponding relation includes the following S221-S223:
S221, verifying the login request information to obtain a verification result, and controlling the user equipment to log in to the target software corresponding to the login request information when the verification result indicates that the verification is successful;
Before the login request information is verified, it needs to be decrypted with a preset algorithm. Optionally, the preset algorithm is an AES algorithm.
Optionally, when the verification result indicates that the verification fails, the user equipment is not controlled to log in to the target software corresponding to the login request information, and the authorization management server may further send prompt information to the user equipment, where the prompt information is used to prompt the user that logging in to the target software failed.
Optionally, in the foregoing S221, verifying the login request information to obtain a verification result includes the following S2211-S2212:
S2211, verifying whether a first target user name identical to the first user name is stored in a database, and if so, acquiring a target password corresponding to the first target user name from the database;
Optionally, the user account includes a second user password corresponding to the second user name.
Optionally, the aforementioned authorization applicant information and the aforementioned one or more user accounts may be stored in a database.
Specifically, as described above, a plurality of user accounts, that is, a plurality of second user names and the second user password corresponding to each second user name, may be stored in the database.
The second user name in the database that is the same as the first user name is the first target user name, and the second user password corresponding to that second user name is the target password corresponding to the first target user name.
Further, if no second user name identical to the first user name is stored in the database, a verification result indicating verification failure is output.
Optionally, after the verification result indicating verification failure is output, the user equipment is not controlled to log in to the target software corresponding to the login request information.
Optionally, after the verification result indicating verification failure is output, the authorization management server sends prompt information to the user equipment, and the authorization process is terminated.
Optionally, the prompt information is used for prompting the user that the login to the target software failed.
Optionally, the prompt information may specifically be used to prompt the user that the first user name does not exist.
S2212, when the target password is the same as the first user password corresponding to the first user name, outputting a verification result for indicating that verification is successful.
When the target password is different from the first user password corresponding to the first user name, outputting a verification result for indicating verification failure, not controlling the user equipment to log in the target software corresponding to the login request information, sending prompt information to the user equipment by the authorization management server, and terminating the authorization process.
Optionally, the prompt information is used for prompting the user that the login of the target software fails.
Optionally, the prompt information is further used for prompting the user of password input errors.
Optionally, in S221, verifying the login request information to obtain a verification result further includes: checking the online state of the account corresponding to the first user name in the login request information, where the online state is either online or offline. If the online state is online, a verification result indicating verification failure is output. If the online state is offline, output of a verification result indicating successful verification is triggered. Optionally, an online account means that the user has logged in to the target software, and an offline account means that the user has not logged in to the target software.
Optionally, the user may log in to the aforementioned target software through a software client, web page, applet, or the like.
In a possible embodiment of the present application, the authorization management server includes a client presence detection module, and optionally, the client presence detection module includes a timer, a service processing module, and a database table. The timer is used for recording the login time of each account logging in the target software, the service processing module is used for inquiring and updating the timer and the database table, and the database table is used for storing the online state of each account.
In this application, an account corresponds to a user account (i.e., a second user name corresponds to a second user password).
Optionally, the authorization management server may obtain the online state of the account corresponding to the first user name by querying the database table in the client online state detection module.
Optionally, in the foregoing S221, verifying the login request information to obtain a verification result further includes the following S2214-S2216:
S2214, determining a corresponding organization identifier according to the first user name;
Specifically, in S2214, determining the corresponding organization identifier according to the first user name includes: determining first authorization applicant information corresponding to the first user name according to the first user name and the preset corresponding relation; and taking the organization identifier in the first authorization applicant information as the organization identifier corresponding to the first user name.
Optionally, the first authorization applicant information corresponding to the first user name includes the authorization applicant information corresponding to the user account of the first user name.
S2215, obtaining the number of accounts corresponding to the organization identifier that have logged in to the target software;
Optionally, the number of accounts corresponding to the organization identifier that have logged in to the target software is monitored in real time by the authorization management server and stored in a concurrency counter, where the concurrency counter is updated in real time with that number.
Specifically, obtaining the number of accounts corresponding to the organization identifier that have logged in to the target software includes: looking up that number in the concurrency counter.
S2216, when the number is smaller than the preset threshold of the organization identifier for the target software, triggering output of a verification result indicating that verification is successful, and when the number is not smaller than the preset threshold of the organization identifier for the target software, outputting a verification result indicating verification failure.
Optionally, the preset threshold of the organization identifier for the target software is the number of authorizable devices that need to obtain authorization in the first authorization applicant information containing the organization identifier.
Optionally, when the number is not smaller than the preset threshold of the organization identifier for the target software, a verification result indicating verification failure is output, and the user equipment is not controlled to log in to the target software corresponding to the login request information.
Optionally, the authorization management server sends prompt information to the user equipment, and the authorization process is terminated. The prompt information indicates that the number of accounts corresponding to the organization identifier that have logged in to the target software has reached the preset threshold.
Optionally, when the number is smaller than the preset threshold of the organization identifier for the target software, output of a verification result indicating that verification is successful is triggered.
Optionally, after the verification result indicates that the verification is successful, the client online state detection module in the authorization management server updates its database table, setting the online state of the account corresponding to the first user name to online.
Optionally, the client online state detection module further stores, in the timer, the time of the latest login of the account corresponding to the first user name.
Optionally, the authorization management server is further configured to increase by one the number, in the concurrency counter, of accounts corresponding to the organization identifier that have logged in to the target software.
S222, determining first authorization applicant information corresponding to the first user name according to the first user name and the preset corresponding relation;
Optionally, the first authorization applicant information corresponding to the first user name includes the authorization applicant information corresponding to the user account of the first user name.
S223, taking the first authorization information in the first authorization applicant information as the target authorization information corresponding to the login request information.
S23, feeding the target authorization information back to the user equipment, so that the user equipment provides the user with the use authority of the function to be authorized based on the target authorization information.
Optionally, in S23, feeding the target authorization information back to the user equipment includes S231-S233:
S231, encrypting the target authorization information with a preset encryption algorithm to obtain encrypted target authorization information;
Optionally, the preset encryption algorithm may be an AES algorithm.
S232, calculating the digest value of the target authorization information with a preset digest algorithm, and encrypting the digest value of the target authorization information with a preset encryption algorithm to obtain the target authorization information signature file corresponding to the target authorization information. Optionally, the preset digest algorithm may be the SHA-256 algorithm, and the preset encryption algorithm may be an AES algorithm.
S233, feeding back the encrypted target authorization information and the target authorization information signature file to the user equipment.
The introduction of the target authorization information signature file can prevent the target authorization information from being maliciously modified, ensure the information integrity of the target authorization information and effectively improve the security of the target authorization information.
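The packaging in S231-S233 and the matching check on the user equipment, as an added example that is not code from the patent. The patent names only AES and SHA-256; the GCM mode, the JSON encoding, the "info"/"sig" labels and every type and function name below are assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/json"
	"errors"
	"fmt"
)

// AuthInfo is a constructed stand-in for the target authorization information.
type AuthInfo struct {
	Org       string            `json:"org"`
	Functions map[string]string `json:"functions"` // function -> end of authorization period
}

var ErrDigestMismatch = errors.New("authorization information does not match its signature file")

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts under a fresh random nonce; label keeps the two uses of the key apart.
func seal(key, plaintext []byte, label string) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, []byte(label)), nil
}

// open reverses seal and fails if the ciphertext or the label was changed.
func open(key, sealed []byte, label string) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	n := gcm.NonceSize()
	if len(sealed) < n {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, sealed[:n], sealed[n:], []byte(label))
}

// Package is the server side of S231-S232: encrypted info plus encrypted SHA-256 digest.
func Package(key []byte, info AuthInfo) (encInfo, sigFile []byte, err error) {
	plain, err := json.Marshal(info)
	if err != nil {
		return nil, nil, err
	}
	digest := sha256.Sum256(plain)
	if encInfo, err = seal(key, plain, "info"); err == nil {
		sigFile, err = seal(key, digest[:], "sig")
	}
	return encInfo, sigFile, err
}

// Verify is the check the user equipment runs before enabling any function.
func Verify(key, encInfo, sigFile []byte) (*AuthInfo, error) {
	plain, err := open(key, encInfo, "info")
	if err != nil {
		return nil, err
	}
	want, err := open(key, sigFile, "sig")
	if err != nil {
		return nil, err
	}
	got := sha256.Sum256(plain)
	if subtle.ConstantTimeCompare(got[:], want) != 1 {
		return nil, ErrDigestMismatch
	}
	var info AuthInfo
	if err := json.Unmarshal(plain, &info); err != nil {
		return nil, err
	}
	return &info, nil
}

func main() {
	key := make([]byte, 32) // random AES-256 key for the demo; a deployment provisions its own
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	enc, sig, _ := Package(key, AuthInfo{Org: "org-A", Functions: map[string]string{"export": "2025-12-31"}})
	fmt.Println(Verify(key, enc, sig))
}
```

With an authenticated mode such as GCM, a modified file already fails decryption; the digest comparison additionally rejects a signature file that was issued for different authorization information. Because the key is symmetric, the check holds only against parties that do not have the key.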
Optionally, the software authorization method further includes the following S01-S02:
S01, receiving a heartbeat request sent by the user equipment;
Optionally, the heartbeat request is a structure that a heartbeat module of the user equipment sends to the authorization management server according to a preset period. Optionally, the heartbeat module includes a service processing module and a timer, where the service processing module is configured to send the heartbeat request, and the timer is configured to send a heartbeat request sending instruction to the service processing module according to the preset period.
Optionally, the heartbeat request includes the encrypted first user name and a first user password corresponding to the first user name.
Optionally, the authorization management server is further configured to decrypt the heartbeat request by using a preset algorithm, so as to obtain the first user name and the first user password corresponding to the first user name; optionally, the preset algorithm is the AES algorithm.
S02, controlling the account corresponding to the login request information to be offline when the time interval between the heartbeat request and the previous historical heartbeat request obtained from the user equipment is smaller than a first preset interval, or when that time interval is larger than a second preset interval.
Optionally, after controlling the account corresponding to the login request information to be offline, the method further includes: decrementing by one, in the concurrency counter, the number of accounts that correspond to the organization identifier and are logged in to the target software, and updating the online state of the account corresponding to the first user name, in the database table of the client online state detection module, to the offline state.
Optionally, the method further comprises: when detecting that the time interval between a plurality of historical heartbeat requests in the preset time period is larger than the second preset interval, controlling the account corresponding to the login request information to be offline.
Optionally, the first preset interval and the second preset interval may be arbitrarily selected by a software developer according to actual requirements, which is not limited herein.
Detecting whether the time interval between the heartbeat request and the previous historical heartbeat request obtained from the user equipment is smaller than the first preset interval makes it possible to find that the user equipment may have been copied as a virtual machine or that requests are being replayed.
Detecting whether the time interval between the heartbeat request and the previous historical heartbeat request obtained from the user equipment is larger than the second preset interval makes it possible to find downtime of the user equipment, so that a connection node can be released in time for a new user equipment to use the target software.
A heartbeat mechanism is adopted between the authorization management server and the user equipment to guard against abnormal disconnection of the user equipment; the current online state of the client is judged from the feedback information received from the client, so that the authorization of the user account can be reclaimed and shared.
Optionally, the first user name may include an organization identification.
Optionally, after receiving the heartbeat request, the method further includes the following S001-S003:
S001, verifying whether a first target user name which is the same as the first user name is stored in a database, and if so, determining to continue by checking the online state of the account corresponding to the first user name; if not, the authorization management server sends error information to the user equipment, where the error information is used to indicate to the user that the first user name does not exist.
S002, checking the online state of the account corresponding to the first user name, and executing S003 when the online state of the account corresponding to the first user name is online; when the online state of the account corresponding to the first user name is offline, sending prompt information to the user equipment, where the prompt information is used to instruct the user to log in again.
Optionally, the service processing module queries a database table in the client online state detection module to obtain the online state of the account corresponding to the first user name, and if the online state of the account corresponding to the first user name is the offline state, the authorization management server sends prompt information to the user equipment, where the prompt information is used to instruct the user to log in again.
Optionally, the prompt information is encrypted by the authorization management server using the AES algorithm and then sent to the user equipment, and the user equipment decrypts the prompt information using the AES algorithm, thereby obtaining a re-login instruction.
S003, determining whether one or more functions to be authorized corresponding to the first user name have exceeded their usable period, and if so, terminating the use, by the account corresponding to the first user name, of the functions to be authorized that have exceeded the usable period.
Optionally, a prompt message informing the user which functions to be authorized have expired may also be sent to the user equipment.
In this scheme, the authorization management server uses multi-process and asynchronous non-blocking (epoll) technology to authorize multiple clients concurrently; the user equipment and the authorization management server perform authorization and authentication through the user account and password, so that authorized resources are shared and the dependence of a traditional authorization system on the hardware information of the client operating environment is completely removed.
This solves the problem of bypassing authorization verification by copying a virtual machine. If the copied virtual machine is logged in with a different account, usability is not affected. If other personnel log in and clone the virtual machine, the authorization management server can detect this from the abnormal heartbeat request interval; after the client is disconnected, the client in the copied environment is forced to log in again, and the copied environment cannot be used.
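The interval check of S02, together with the S001/S002 lookups and the concurrency-counter update, as an added Go example that is not code from the patent. The type and function names, the 30 s client period, the 20 s and 45 s preset intervals and the account names are assumptions constructed for illustration; timestamps are the times at which the server receives each request.

```go
package main

import (
	"fmt"
	"sort"
	"time"
)

// Verdict is the server's answer to one heartbeat request (hypothetical type).
type Verdict string

const (
	OK          Verdict = "ok"
	UnknownUser Verdict = "unknown-user"      // S001: user name not in the database
	Relogin     Verdict = "relogin-required"  // S002: account is already offline
	TooShort    Verdict = "offline-gap-short" // S02: gap below the first preset interval
	TooLong     Verdict = "offline-gap-long"  // S02: gap above the second preset interval
)

type session struct {
	org    string
	online bool
	last   time.Time
}

// Monitor keeps the online-state table and the per-organization concurrency counter.
type Monitor struct {
	minGap, maxGap time.Duration // first and second preset interval
	sessions       map[string]*session
	seats          map[string]int
}

func NewMonitor(minGap, maxGap time.Duration) *Monitor {
	return &Monitor{minGap: minGap, maxGap: maxGap, sessions: map[string]*session{}, seats: map[string]int{}}
}

// Login records a session that has already passed the password and seat-limit checks.
func (m *Monitor) Login(user, org string, at time.Time) {
	if s := m.sessions[user]; s != nil && s.online {
		return
	}
	m.sessions[user] = &session{org: org, online: true, last: at}
	m.seats[org]++
}

// offline marks the account offline and releases its seat exactly once.
func (m *Monitor) offline(s *session) {
	if s.online {
		s.online = false
		m.seats[s.org]--
	}
}

// Heartbeat applies S001, S002 and the S02 interval test to one request.
func (m *Monitor) Heartbeat(user string, at time.Time) Verdict {
	s, ok := m.sessions[user]
	if !ok {
		return UnknownUser
	}
	if !s.online {
		return Relogin
	}
	gap := at.Sub(s.last)
	if gap < m.minGap || gap > m.maxGap {
		m.offline(s)
		if gap < m.minGap {
			return TooShort // a second sender on the same account, or a replayed request
		}
		return TooLong
	}
	s.last = at
	return OK
}

// Sweep takes offline every account that has been silent longer than maxGap.
func (m *Monitor) Sweep(now time.Time) []string {
	var dropped []string
	for user, s := range m.sessions {
		if s.online && now.Sub(s.last) > m.maxGap {
			m.offline(s)
			dropped = append(dropped, user)
		}
	}
	sort.Strings(dropped)
	return dropped
}

// Online returns the number of logged-in accounts for an organization identifier.
func (m *Monitor) Online(org string) int { return m.seats[org] }

func main() {
	t0 := time.Unix(1700000000, 0) // constructed timeline
	m := NewMonitor(20*time.Second, 45*time.Second)
	m.Login("alice", "orgA", t0)
	fmt.Println(m.Heartbeat("alice", t0.Add(30*time.Second))) // regular beat
	fmt.Println(m.Heartbeat("alice", t0.Add(42*time.Second))) // beat from a copy, 12 s later
	fmt.Println(m.Heartbeat("alice", t0.Add(60*time.Second))) // original must log in again
	fmt.Println(m.Online("orgA"))
}
```

Sweep covers the case where no further request arrives at all, which Heartbeat alone cannot observe.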
The method can be used for dynamic authorization and related management operations on commercial software products, and realizes control of the limit on the number of user equipment online, decoupling of authorization from single-machine binding, and network sharing of authorization licenses.
The login request information sent by the user equipment is received, wherein the login request information comprises a first user password corresponding to a first user name; target authorization information corresponding to the login request information is determined according to the login request information and a preset corresponding relation, wherein the target authorization information comprises a function to be authorized for target software; the target authorization information is fed back to the user equipment, so that the user equipment provides the user with the use authority of the function to be authorized based on the target authorization information. In this way the reliability and flexibility of software authorization and authentication can be improved, the user can use software products more efficiently, and waste of resources is avoided.
Fig. 3 is a flow chart of a data processing method according to an exemplary embodiment of the present application, where an execution body of the method may be the user equipment 20, and the method at least includes the following steps S31 to S35:
S31, when a login operation of a user for target software is detected, acquiring a first user name input by the user and a first user password corresponding to the first user name;
S32, determining login request information according to the first user name and the first user password, wherein the login request information comprises the first user name and the first user password corresponding to the first user name;
S33, sending the login request information to an authorization management server, so that the authorization management server determines target authorization information corresponding to the login request information according to the login request information and a preset correspondence, wherein the target authorization information comprises a function to be authorized for target software;
Optionally, the login request information needs to be encrypted by a preset encryption algorithm and then sent to the authorization management server; correspondingly, after the authorization management server receives the login request information, it decrypts the login request information using the AES algorithm to obtain the first user name and the first user password corresponding to the first user name.
S34, receiving the target authorization information fed back by the authorization management server;
Optionally, the user equipment also receives the target authorization information signature file. The software client corresponding to the user equipment decrypts the encrypted target authorization information using the AES algorithm to obtain the target authorization information, and then uses the SHA-256 algorithm to perform digest calculation on the target authorization information to obtain a first digest value; further, the software client corresponding to the user equipment decrypts the target authorization information signature file using the AES algorithm to obtain a second digest value;
The first digest value is compared with the second digest value. If the two digest values are consistent, it is determined that the target authorization information has not been modified and the target authorization information is legal; if the two digest values are inconsistent, it is determined that the target authorization information has been modified and the target authorization information is illegal.
S35, providing the user with the use authority of the function to be authorized based on the target authorization information.
Optionally, after receiving the legal target authorization information fed back by the authorization management server, the software client corresponding to the user equipment obtains the function to be authorized from the target authorization information and stores the target authorization information, so that the user equipment displays the function module corresponding to the function to be authorized in the target authorization information for use by the user.
Optionally, if the software user logs out, the user device sends a log-out request to the authorization management server, and the authorization management server updates the connection state of the account corresponding to the first user to an offline state, so as to release a connection node for use by new user devices.
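The server-side packaging in S231-S233 and the client-side check in S34, as an added Go example that is not code from the patent. The AES mode (CBC with a random IV), the PKCS#7 padding, the demo key, the sample authorization JSON and the names Seal and Open are assumptions; the page specifies only AES and SHA-256.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

// aesEncrypt encrypts with AES-CBC, a random IV and PKCS#7 padding.
// The page names only "AES"; mode, IV handling and padding are assumptions.
func aesEncrypt(key, plain []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	pad := aes.BlockSize - len(plain)%aes.BlockSize
	padded := append(append([]byte{}, plain...), bytes.Repeat([]byte{byte(pad)}, pad)...)
	out := make([]byte, aes.BlockSize+len(padded))
	if _, err := rand.Read(out[:aes.BlockSize]); err != nil {
		return nil, err
	}
	cipher.NewCBCEncrypter(block, out[:aes.BlockSize]).CryptBlocks(out[aes.BlockSize:], padded)
	return out, nil
}

// aesDecrypt reverses aesEncrypt and rejects malformed input instead of panicking.
func aesDecrypt(key, ct []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	if len(ct) < 2*aes.BlockSize || len(ct)%aes.BlockSize != 0 {
		return nil, errors.New("ciphertext is truncated or misaligned")
	}
	out := make([]byte, len(ct)-aes.BlockSize)
	cipher.NewCBCDecrypter(block, ct[:aes.BlockSize]).CryptBlocks(out, ct[aes.BlockSize:])
	pad := int(out[len(out)-1])
	if pad == 0 || pad > aes.BlockSize || !bytes.Equal(out[len(out)-pad:], bytes.Repeat([]byte{byte(pad)}, pad)) {
		return nil, errors.New("invalid padding")
	}
	return out[:len(out)-pad], nil
}

// Seal is the server side (S231-S233): it returns the encrypted target
// authorization information and the signature file (encrypted SHA-256 digest).
func Seal(key, info []byte) (encInfo, sigFile []byte, err error) {
	if encInfo, err = aesEncrypt(key, info); err != nil {
		return nil, nil, err
	}
	digest := sha256.Sum256(info)
	if sigFile, err = aesEncrypt(key, digest[:]); err != nil {
		return nil, nil, err
	}
	return encInfo, sigFile, nil
}

// Open is the client side: decrypt both parts, recompute the digest (first
// digest value) and compare it with the decrypted one (second digest value).
func Open(key, encInfo, sigFile []byte) ([]byte, error) {
	info, err := aesDecrypt(key, encInfo)
	if err != nil {
		return nil, fmt.Errorf("authorization info: %w", err)
	}
	second, err := aesDecrypt(key, sigFile)
	if err != nil {
		return nil, fmt.Errorf("signature file: %w", err)
	}
	first := sha256.Sum256(info)
	if subtle.ConstantTimeCompare(first[:], second) != 1 {
		return nil, errors.New("digest mismatch: target authorization information was modified")
	}
	return info, nil
}

func main() {
	key := []byte("0123456789abcdef0123456789abcdef") // constructed 32-byte demo key
	info := []byte(`{"user":"orgA-alice","functions":["simulation","export"]}`) // constructed
	encInfo, sigFile, err := Seal(key, info)
	if err != nil {
		panic(err)
	}
	got, err := Open(key, encInfo, sigFile)
	fmt.Printf("intact:   %s err=%v\n", got, err)
	encInfo[3] ^= 0x01 // simulate a modification in transit or on disk
	_, err = Open(key, encInfo, sigFile)
	fmt.Println("modified:", err)
}
```

Both sides hold the same AES key, so the comparison detects changes made by a party that does not have that key; an authenticated mode such as AES-GCM provides confidentiality and this integrity check in a single step.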
Fig. 4 is a flowchart of a client application login process according to an embodiment of the present disclosure;
Referring to Fig. 4, in a possible embodiment of the present application, a user starts a software client on the device, the software client pops up a login interface, and the user inputs account information on the login interface, where the account information includes the first user name and the first user password corresponding to the first user name.
The software client generates login request information based on the account information, encrypts the login request information and sends the login request information to the authorization management server, and optionally, the algorithm used for encrypting the login request is an AES algorithm.
After receiving the encrypted login request information, the authorization management server decrypts the login request information, and accordingly, an algorithm used in decryption is an AES algorithm. Details of the related schemes can be found in the foregoing embodiments, and are not repeated here.
The authorization management server determines the identity of the client based on the login request information and verifies the user account information, wherein verifying the user account information comprises verifying the first user password corresponding to the first user name. If the verification result indicates that verification failed, prompt information is sent to the software client, and the prompt information is used to indicate to the user that login has failed. Details of the related schemes can be found in the foregoing, and are not repeated here.
If the verification result indicates that verification succeeded, that is, the user account information is correct, the authorization management server checks whether the software client is already logged in and obtains a verification result. Details of how the authorization management server checks whether the software client has logged in can be found in the foregoing, and are not repeated here. If that verification result indicates that verification succeeded, the authorization management server verifies the number of accounts that correspond to the organization identifier of the first user name and are logged in to the target software, and obtains a verification result. Details of the related schemes can be found in the foregoing, and are not repeated here.
If the verification result obtained when the authorization management server verifies the number of accounts that correspond to the organization identifier of the first user name and are logged in to the target software indicates that verification succeeded, the user account is allowed to log in to the software client, and the authorization management server updates and stores the related information. Details of the related schemes are described in the above steps, and are not repeated here.
Optionally, after the user account corresponding to the first user name successfully logs in to the target software, the authorization management server acquires the target authorization information of the user account corresponding to the first user name, encrypts the target authorization information and generates a signature file. The authorization management server sends the encrypted target authorization information and the signature file to the software client on the user equipment, so that the software client decrypts the encrypted target authorization information and the signature file and verifies the signature to obtain the target authorization information, and displays the function module according to the target authorization information. Details of the related schemes can be found in the foregoing, and are not repeated here.
Fig. 5 is a flowchart of a heartbeat mechanism of a software client on a user equipment according to an embodiment of the present application;
Referring to Fig. 5, in a possible embodiment of the present application, the heartbeat module of the software client sends a heartbeat request to the authorization management server on a timer, where the heartbeat request information includes encrypted account information.
The authorization management server receives and decrypts the heartbeat request information, and determines and verifies the account information corresponding to the heartbeat request information. If the account information corresponding to the heartbeat request information is found to be correct, the online state of the user account corresponding to the account information is checked.
Further, checking the authorization period of the user account corresponding to the account information, and if the checking result indicates that the authorization period corresponding to the account information is expired, sending prompt information to the software client corresponding to the user equipment by the authorization management server.
Further, checking whether the interval of sending the heartbeat request is normal, if the check result indicates that the interval is normal, updating the heartbeat information and sending prompt information to the software client, wherein the prompt information is used for indicating that the heartbeat request is successful to the software client, and after the software client receives the prompt information, the service processing module enters a sleep period and waits for the next timer to respond. Details of the specific scheme in fig. 5 can be found in the foregoing, and will not be described here again.
The exemplary embodiment of the application also provides a software authorization device, comprising:
a receiving unit, used for receiving login request information sent by user equipment, wherein the login request information comprises a first user password corresponding to a first user name;
a determining unit, used for determining target authorization information corresponding to the login request information according to the login request information and a preset correspondence, wherein the target authorization information comprises a function to be authorized for target software;
and the feedback unit is used for feeding the target authorization information back to the user equipment so that the user equipment provides the user with the use authority of the function to be authorized based on the target authorization information.
Optionally, when the device is used for determining the target authorization information corresponding to the login request information according to the login request information and a preset correspondence, the device is specifically used for:
verifying the login request information to obtain a verification result, and controlling the user equipment to log in target software corresponding to the login request information when the verification result indicates that the verification is successful;
determining first authorization applicant information corresponding to the first user name according to the first user name and a preset correspondence;
taking the first authorization information in the first authorization applicant information as target authorization information corresponding to the login request information.
Optionally, when the foregoing device is used for verifying the login request information, the device is specifically used for:
verifying whether a first target user name which is the same as the first user name is stored in a database, and if so, acquiring a target password corresponding to the first target user name from the database;
and outputting a verification result for indicating that the verification is successful when the target password is the same as the first user password corresponding to the first user name.
Optionally, when the foregoing device is used for verifying the login request information, the device is specifically used for:
when the first target user name which is the same as the first user name is not stored in the database, or the first target user name which is the same as the first user name is stored in the database, but the target password corresponding to the first target user name is different from the first user password corresponding to the first user name, outputting a verification result for indicating verification failure.
Optionally, when the foregoing device is used for verifying the login request information, the device is specifically used for:
determining a corresponding organization identifier according to the first user name;
acquiring the number of accounts which correspond to the organization identifier and are logged in to the target software;
when the number is smaller than the preset threshold corresponding to the target software for the organization identifier, triggering and outputting a verification result for indicating successful verification, and when the number is not smaller than the preset threshold corresponding to the target software for the organization identifier, outputting a verification result for indicating verification failure.
Optionally, the foregoing apparatus is further configured to:
receiving a heartbeat request sent by the user equipment;
and controlling the account corresponding to the login request information to be offline when the time interval of the heartbeat request from the previous historical heartbeat request obtained from the user equipment is smaller than a first preset interval or the time interval of the heartbeat request from the previous historical heartbeat request obtained from the user equipment is larger than a second preset interval.
Optionally, the heartbeat request may include a sending time of the heartbeat request.
An exemplary embodiment of the present application also provides a data processing apparatus, including:
the acquisition unit is used for acquiring a first user password corresponding to a first user name input by a user when the login operation of the user for target software is detected;
the determining unit is used for determining login request information according to the first user name and the first user password, wherein the login request information comprises the first user name and the first user password corresponding to the first user name;
the sending unit is used for sending the login request information to an authorization management server, so that the authorization management server determines target authorization information corresponding to the login request information according to the login request information and a preset correspondence, and the target authorization information comprises a function to be authorized for target software;
the receiving unit is used for receiving the target authorization information fed back by the authorization management server;
and the providing unit is used for providing the user with the use authority of the function to be authorized based on the target authorization information.
It should be understood that apparatus embodiments and method embodiments may correspond with each other and that similar descriptions may refer to the method embodiments. To avoid repetition, no further description is provided here. Specifically, the apparatus may perform the above method embodiments, and the foregoing and other operations and/or functions of each module in the apparatus are respectively for corresponding flows in each method in the above method embodiments, which are not described herein for brevity.
The apparatus of the embodiments of the present application are described above in terms of functional modules in conjunction with the accompanying drawings. It should be understood that the functional module may be implemented in hardware, or may be implemented by instructions in software, or may be implemented by a combination of hardware and software modules. Specifically, each step of the method embodiments in the embodiments of the present application may be implemented by an integrated logic circuit of hardware in a processor and/or an instruction in software form, and the steps of the method disclosed in connection with the embodiments of the present application may be directly implemented as a hardware decoding processor or implemented by a combination of hardware and software modules in the decoding processor. Alternatively, the software modules may be located in a well-established storage medium in the art such as random access memory, flash memory, read-only memory, programmable read-only memory, electrically erasable programmable memory, registers, and the like. The storage medium is located in a memory, and the processor reads information in the memory, and in combination with hardware, performs the steps in the above method embodiments.
Fig. 6 is a schematic block diagram of an electronic device provided in an embodiment of the present application, which may include:
a memory 601 and a processor 602, the memory 601 being adapted to store a computer program and to transfer the program code to the processor 602. In other words, the processor 602 may call and run a computer program from the memory 601 to implement the methods in the embodiments of the present application.
For example, the processor 602 may be used to perform the method embodiments described above in accordance with instructions in the computer program.
In some embodiments of the present application, the processor 602 may include, but is not limited to:
a general purpose processor, digital signal processor (Digital Signal Processor, DSP), application specific integrated circuit (Application Specific Integrated Circuit, ASIC), field programmable gate array (Field Programmable Gate Array, FPGA) or other programmable logic device, discrete gate or transistor logic device, discrete hardware components, or the like.
In some embodiments of the present application, the memory 601 includes, but is not limited to:
volatile memory and/or nonvolatile memory. The nonvolatile Memory may be a Read-Only Memory (ROM), a Programmable ROM (PROM), an Erasable PROM (EPROM), an Electrically Erasable EPROM (EEPROM), or a flash Memory. The volatile memory may be random access memory (Random Access Memory, RAM) which acts as an external cache. By way of example, and not limitation, many forms of RAM are available, such as Static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double Data Rate SDRAM (Double Data Rate SDRAM), enhanced SDRAM (ESDRAM), synchronous Link DRAM (SLDRAM), and Direct memory bus RAM (DR RAM).
In some embodiments of the present application, the computer program may be partitioned into one or more modules that are stored in the memory 601 and executed by the processor 602 to perform the methods provided herein. The one or more modules may be a series of computer program instruction segments capable of performing the specified functions, which are used to describe the execution of the computer program in the electronic device.
As shown in fig. 6, the electronic device may further include:
a transceiver 603, the transceiver 603 being connectable to the processor 602 or the memory 601.
The processor 602 may control the transceiver 603 to communicate with other devices, and in particular, may send information or data to other devices or receive information or data sent by other devices. The transceiver 603 may include a transmitter and a receiver. The transceiver 603 may further include antennas, the number of which may be one or more.
It will be appreciated that the various components in the electronic device are connected by a bus system that includes, in addition to a data bus, a power bus, a control bus, and a status signal bus.
The present application also provides a computer-readable storage medium having stored thereon a computer program which, when executed by a computer, enables the computer to perform the method of the above-described method embodiments. Alternatively, embodiments of the present application also provide a computer program product comprising instructions which, when executed by a computer, cause the computer to perform the method of the method embodiments described above.
When implemented in software, the embodiments may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer instructions are loaded and executed on a computer, the flows or functions according to the embodiments of the present application are produced in whole or in part. The computer may be a general purpose computer, a special purpose computer, a computer network, or other programmable apparatus. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another computer-readable storage medium, for example, the computer instructions may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center by a wired (e.g., coaxial cable, fiber optic, digital subscriber line (digital subscriber line, DSL)) or wireless (e.g., infrared, wireless, microwave, etc.) connection. The computer readable storage medium may be any available medium that can be accessed by a computer, or a data storage device such as a server or data center that integrates one or more available media. The usable medium may be a magnetic medium (e.g., a floppy disk, a hard disk, a magnetic tape), an optical medium (e.g., a digital video disc (digital video disc, DVD)), or a semiconductor medium (e.g., a Solid State Disk (SSD)), or the like.
Those of ordinary skill in the art will appreciate that the various illustrative modules and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
In the several embodiments provided in this application, it should be understood that the disclosed systems, devices, and methods may be implemented in other manners. For example, the apparatus embodiments described above are merely illustrative, and for example, the division of the modules is merely a logical function division, and there may be additional divisions when actually implemented, for example, multiple modules or components may be combined or integrated into another system, or some features may be omitted or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or modules, which may be in electrical, mechanical, or other forms.
The modules illustrated as separate components may or may not be physically separate, and components shown as modules may or may not be physical modules, i.e., may be located in one place, or may be distributed over a plurality of network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. For example, functional modules in the embodiments of the present application may be integrated into one processing module, or each module may exist alone physically, or two or more modules may be integrated into one module.
The foregoing is merely a specific embodiment of the present application, but the protection scope of the present application is not limited thereto; any person skilled in the art can readily conceive of changes or substitutions within the technical scope disclosed in the present application, and such changes or substitutions are covered by the protection scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (10)

1. A method of software authorization, comprising:
receiving login request information sent by user equipment, wherein the login request information comprises a first user password corresponding to a first user name;
determining target authorization information corresponding to the login request information according to the login request information and a preset corresponding relation, wherein the target authorization information comprises a function to be authorized for target software;
and feeding the target authorization information back to the user equipment, so that the user equipment provides the user with the use authority of the function to be authorized based on the target authorization information.
2. The method according to claim 1, wherein determining target authorization information corresponding to the login request information according to the login request information and the preset corresponding relation comprises:
verifying the login request information to obtain a verification result, and controlling the user equipment to log in to the target software corresponding to the login request information when the verification result indicates that the verification is successful;
determining first authorization applicant information corresponding to the first user name according to the first user name and the preset corresponding relation;
and taking the first authorization information in the first authorization applicant information as target authorization information corresponding to the login request information.
3. The method according to claim 2, wherein verifying the login request information to obtain a verification result comprises:
verifying whether a first target user name which is the same as the first user name is stored in a database, and if so, acquiring a target password corresponding to the first target user name from the database;
and outputting a verification result for indicating that the verification is successful when the target password is the same as the first user password corresponding to the first user name.
4. The method of claim 3, wherein verifying the login request information to obtain a verification result further comprises:
when the first target user name which is the same as the first user name is not stored in the database, or the first target user name which is the same as the first user name is stored in the database, but the target password corresponding to the first target user name is different from the first user password corresponding to the first user name, outputting a verification result for indicating verification failure.
5. The method of claim 3, wherein verifying the login request information to obtain a verification result further comprises:
determining a corresponding organization identifier according to the first user name;
acquiring the number of accounts that correspond to the organization identifier and are logged in to the target software;
when the number is smaller than the preset threshold that corresponds to the organization identifier for the target software, triggering output of a verification result for indicating successful verification, and when the number is not smaller than the preset threshold that corresponds to the organization identifier for the target software, outputting a verification result for indicating verification failure.
6. The method according to claim 1, wherein the method further comprises:
receiving a heartbeat request sent by the user equipment;
and controlling the account corresponding to the login request information to go offline when the time interval between the heartbeat request and the previous historical heartbeat request obtained from the user equipment is smaller than a first preset interval, or when that time interval is larger than a second preset interval.
7. A method of data processing, comprising:
when a login operation of a user for target software is detected, acquiring a first user password which is input by the user and corresponds to a first user name;
determining login request information according to the first user name and the first user password, wherein the login request information comprises the first user password corresponding to the first user name;
sending the login request information to an authorization management server, so that the authorization management server determines target authorization information corresponding to the login request information according to the login request information and a preset corresponding relation, wherein the target authorization information comprises a function to be authorized for target software;
receiving the target authorization information fed back by the authorization management server;
and providing the user with the use authority of the function to be authorized based on the target authorization information.
8. A software authorization device, comprising:
a receiving unit, used for receiving login request information sent by user equipment, wherein the login request information comprises a first user password corresponding to a first user name;
a determining unit, used for determining target authorization information corresponding to the login request information according to the login request information and a preset corresponding relation, wherein the target authorization information comprises a function to be authorized for target software;
and a feedback unit, used for feeding the target authorization information back to the user equipment so that the user equipment provides the user with the use authority of the function to be authorized based on the target authorization information.
9. An electronic device, comprising:
a processor; and
a memory for storing executable instructions of the processor;
wherein the processor is configured to perform the method of any of claims 1-7 via execution of the executable instructions.
10. A computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, implements the method of any of claims 1-7.
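
The verification steps of claims 3 to 6 (user name and password lookup, per-organization account limit, heartbeat interval window) can be read as server-side logic. The following Python sketch is an added example, not code from the patent; the class and method names, the salted PBKDF2 password storage with constant-time comparison, and the sample users are assumptions.

```python
import hashlib, hmac, os

def _kdf(password, salt):
    # Assumption: passwords are stored as salted PBKDF2 hashes; the claims only
    # say that the stored and submitted passwords are compared.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class AuthServer:
    def __init__(self, seat_limit, min_gap, max_gap):
        self.users = {}               # user name -> (salt, hash, org, functions)
        self.seat_limit = seat_limit  # org -> preset threshold (claim 5)
        self.min_gap, self.max_gap = min_gap, max_gap  # claim 6 intervals (s)
        self.online = {}              # user name -> time of last heartbeat
        self._dummy = (os.urandom(16), os.urandom(32), None, [])

    def add_user(self, name, password, org, functions):
        salt = os.urandom(16)
        self.users[name] = (salt, _kdf(password, salt), org, list(functions))

    def login(self, name, password, now):
        # Hash even for unknown names so both failure paths of claim 4 cost the same.
        salt, stored, org, functions = self.users.get(name, self._dummy)
        match = hmac.compare_digest(stored, _kdf(password, salt))
        if name not in self.users or not match:
            return None                      # claim 4: verification fails
        seats = sum(1 for n in self.online if self.users[n][2] == org)
        if seats >= self.seat_limit[org]:
            return None                      # claim 5: not below the threshold
        self.online[name] = now
        return functions                     # claims 1-2: target authorization info

    def heartbeat(self, name, now):
        last = self.online.get(name)
        if last is None:
            return False
        gap = now - last
        if gap < self.min_gap or gap > self.max_gap:
            del self.online[name]            # claim 6: take the account offline
            return False
        self.online[name] = now
        return True

def demo():
    # Constructed sample data: one organization with a single seat.
    srv = AuthServer({"org-a": 1}, min_gap=5, max_gap=60)
    srv.add_user("alice", "correct horse", "org-a", ["simulate", "export"])
    srv.add_user("bob", "battery staple", "org-a", ["simulate"])
    return [srv.login("alice", "wrong", 0), srv.login("alice", "correct horse", 0),
            srv.login("bob", "battery staple", 1), srv.heartbeat("alice", 30),
            srv.heartbeat("alice", 200), srv.login("bob", "battery staple", 201)]
```

In `demo()`, the second account is refused while the organization's only seat is occupied and is admitted once the first account has been taken offline for a late heartbeat.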
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211731221.7A CN116010910A (en) 2022-12-30 2022-12-30 Software authorization method, data processing method, device, equipment and medium

Publications (1)

Publication Number Publication Date
CN116010910A (en) 2023-04-25

Family

ID=86027917

Country Status (1)

Country Link
CN (1) CN116010910A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination